• DocumentCode
    2638876
  • Title

    Key management for secure Internet multicast using Boolean function minimization techniques

  • Author

    Chang, Isabella ; Engel, Robert ; Kandlur, Dilip ; Pendarakis, Dimitrios ; Saha, Debanjan

  • Author_Institution
    IBM Thomas J. Watson Res. Center, Yorktown Heights, NY, USA
  • Volume
    2
  • fYear
    1999
  • fDate
    21-25 Mar 1999
  • Firstpage
    689
  • Abstract
    The Internet provides no support for privacy or authentication of multicast packets. However, an increasing number of applications require secure multicast services in order to restrict group membership and enforce accountability of group members. A major problem associated with the deployment of secure multicast delivery services is the scalability of the key distribution protocol. This is particularly true with regard to the handling of group membership changes, such as member departures and/or expulsions, which necessitate the distribution of a new session key to all the remaining group members. As the frequency of group membership changes increases, it becomes necessary to reduce the cost of key distribution operations. This paper explores the use of batching of group membership changes to reduce the frequency, and hence the cost, of key re-distribution operations. It focuses explicitly on the problem of cumulative member removal and presents an algorithm that minimizes the number of messages required to distribute new keys to the remaining group members. The algorithm is used in conjunction with a new multicast key management scheme which uses a set of auxiliary keys in order to improve scalability. In contrast to previous schemes which generate a fixed hierarchy of keys, the proposed scheme dynamically generates the most suitable key hierarchy by composing different keys. Our cumulative member removal algorithm uses Boolean function minimization techniques, and outperforms all other schemes known to us in terms of message complexity.
  • Keywords
    Boolean functions; Internet; computer network management; minimisation; multicast communication; protocols; telecommunication security; Boolean function minimization techniques; accountability; authentication; auxiliary keys; cumulative member removal; cumulative member removal algorithm; expulsion; group members; group membership; key distribution operations; key distribution protocol; key hierarchy; key management; key re-distribution operations; member departures; message complexity; multicast key management scheme; multicast packets; privacy; scalability; secure Internet multicast; secure multicast delivery services; session key; Authentication; Boolean functions; Costs; Frequency; Internet; Minimization methods; Multicast algorithms; Multicast protocols; Privacy; Scalability;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    INFOCOM '99. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE
  • Conference_Location
    New York, NY
  • ISSN
    0743-166X
  • Print_ISBN
    0-7803-5417-6
  • Type

    conf

  • DOI
    10.1109/INFCOM.1999.751455
  • Filename
    751455